Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
APP:CITRIX:XENAPP-XML-RCE |
|---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
APP |
Keywords |
Citrix XenApp and XenDesktop XML Service Interface Remote Code Execution |
Release Date |
2012/11/23 |
Update Number |
2205 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
APP: Citrix XenApp and XenDesktop XML Service Interface Remote Code Execution
This signature detects attempts to exploit a known vulnerability in Citrix XenApp and XenDesktop XML Service. A successful attack can lead to a stack overflow and arbitrary remote code execution within the context of the affected application.
Extended Description
Citrix XenApp and XenDesktop are prone to multiple remote code-execution vulnerabilities. An attacker can exploit these vulnerabilities to execute arbitrary code in the context of a service account on the vulnerable server. Failed exploit attempts will result in a denial-of-service condition. The following products are affected: XenApp version 6 and prior versions XenApp Fundamentals version 6 and prior versions XenDesktop 4 XenDesktop 4 with Feature Packs 1 XenDesktop 4 with Feature Packs 2
Affected Products
- Citrix xenapp 4.5
- Citrix xenapp 4.5 Feature Pack 1
- Citrix xenapp 5.0
- Citrix xenapp 6.0
- Citrix xenapp_fundamentals 2.0
- Citrix xenapp_fundamentals 3.0
- Citrix xenapp_fundamentals 6.0
- Citrix xendesktop 4
References
- BugTraq: 48898